One More Reason to Love Twitter: Fake People and Malware Injection.
June 22, 2023
Note: This essay is the work of a real and still-alive dinobaby. No smart software involved, just a dumb humanoid.
With regulators beginning to wake up to the threats, risks, and effects of online information, I enjoyed reading “Fake Zero-Day PoC Exploits on GitHub Push Windows, Linux Malware.” The write up points out:
Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware. These malicious exploits are promoted by alleged researchers at a fake cybersecurity company named ‘High Sierra Cyber Security,’ who promote the GitHub repositories on Twitter, likely to target cybersecurity researchers and firms involved in vulnerability research.
The tweeter thing is visualized by that nifty art generator Dezgo. I think the smart software captures the essence of the tweeter’s essence.
I noted that the target appears to be cyber security “experts”. Does this raise questions in your mind about the acuity of some of those who fell for the threat intelligence? I have to admit. I was not surprised. Not in the least.
The article includes illustrations of the “Python downloader.”
I want to mention that this is just one type of OSINT blindspot causing some “experts” to find themselves on the wrong end of a Tesla-like or Waymo-type self-driving vehicle. I know I would not stand in front of one. Similarly, I would not read about an “exploit” on Twitter, click on links, or download code.
But that’s just me, a 78 year old dinobaby. But a 30 something cyber whiz? That’s something that makes news.
Stephen E Arnold, June 22, 2023